How to protect your company from 'zero-day' exploits
Computerworld - A "zero-day" exploit is any vulnerability that's exploited immediately after its discovery. This is a rapid attack that takes place before the security community or the vendor knows about the vulnerability or has been able to repair it. Such exploits are a Holy Grail for hackers because they take advantage of the vendor's lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc.
Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol, such as Microsoft Corp.'s Internet Information Server and Internet Explorer or the Simple Network Management Protocol. Once they are discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites.
Why is the threat growing?
Although there haven't yet been significant zero-day exploits, the threat is growing, as evidenced by the following:
- Hackers are getting better at exploiting vulnerabilities soon after discovery. It would typically take months for vulnerabilities to be exploited. In January 2003, the SQL Slammer worm exploit appeared eight months after the vulnerability was disclosed. More recently, the time between discovery and exploitation has been reduced to days. Just two days after Cisco Systems Inc. disclosed a vulnerability in its Internetworking Operating System software, exploits were seen; MS Blast was exploited less than 25 days after the vulnerability was disclosed, and Nachi (a variant of MS Blast) struck a week later.
- Exploits are being designed to propagate faster and infect larger numbers of systems. Exploits have evolved from the passive, slowly propagating file and macro viruses of the early 1990s to more active, self-propagating e-mail worms and hybrid threats that take a few days or a few hours to spread. Today, the latest Warhol and Flash threats take only a few minutes to propagate.
- Knowledge of vulnerabilities is growing and more are being discovered and exploited.
For these reasons, zero-day exploits are a scourge for most enterprises. A typical enterprise uses firewalls, intrusion-detection systems and antivirus software to secure its mission-critical IT infrastructure. These systems offer good first-level protection, but despite the best efforts of security staffers, they can't protect enterprises against zero-day exploits.
What to look for
By definition, detailed information about zero-day exploits is available only after the exploit is identified. To understand how to determine if your company has been attacked by a zero-day exploit, here is an example:
In March 2003, a Web server run by the U.S. Army was compromised by an exploit using a buffer-overflow vulnerability in WebDAV. This was before Microsoft was aware of the vulnerability, and hence no
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts